[OpenID] New OpenID provider - using inkblot passwords
Allen Tom
openid at allentom.com
Fri Nov 30 06:17:37 UTC 2007
Does this OP satisfy the phishing-resistant authentication PAPE policy? :)
Very cool!
Allen
Jeremy Elson wrote
>
> Greetings,
>
>
>
> I'm writing to let you know about our new, experimental OpenID
> Provider at http://www.inkblotpassword.com. Our implementation has a
> twist: we show you a series of inkblot images (similar to a Rorschach
> test) to help you create and, later, remember your password.
>
>
>
> I'm part of a small group at Microsoft Research that does work in the
> security and distributed systems space. A few years ago, one of our
> interns (Adam Stubblefield, now at Johns Hopkins) developed the idea
> of using inkblot images for password prompting. He spent the summer
> doing a user study that showed that inkblots made it much easier for
> users to remember very strong passwords. The goal is to reduce the
> use of weak passwords. You can read about the user study at
> ftp://ftp.research.microsoft.com/pub/tr/TR-2004-85.pdf. (There's also
> a summary of the research at
> http://research.microsoft.com/displayArticle.aspx?id=417.)
>
>
>
> Last month, we decided to whip up an OpenID implementation of Adam's
> inkblot generator. Right now it's pretty bare-bones, but if people
> find it useful, we'd be open to suggestions on what to improve.
>
>
>
> Enjoy!
>
>
>
> Cheers,
>
> Jeremy Elson
>
> MSR
>
>
>
>
>
>
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20071129/811bdce8/attachment-0002.htm>
More information about the general
mailing list